public inbox for [email protected]
help / color / mirror / Atom feedseparate security tag?
5+ messages / 2 participants
[nested] [flat]
* separate security tag?
@ 2025-12-10 12:23 Wim Bertels <[email protected]>
2025-12-10 13:48 ` Re: separate security tag? Christoph Berg <[email protected]>
0 siblings, 1 reply; 5+ messages in thread
From: Wim Bertels @ 2025-12-10 12:23 UTC (permalink / raw)
To: pgsql-pkg-debian
Hello,
in the context of
https://manpages.debian.org/trixie/unattended-upgrades/unattended-upgrades.8.en.html
could it possible to automatically update only the security updates
within the pgdg repository?
mvg,
Wim
^ permalink raw reply [nested|flat] 5+ messages in thread
* Re: separate security tag?
2025-12-10 12:23 separate security tag? Wim Bertels <[email protected]>
@ 2025-12-10 13:48 ` Christoph Berg <[email protected]>
2025-12-11 08:33 ` Re: separate security tag? Wim Bertels <[email protected]>
0 siblings, 1 reply; 5+ messages in thread
From: Christoph Berg @ 2025-12-10 13:48 UTC (permalink / raw)
To: Wim Bertels <[email protected]>; +Cc: pgsql-pkg-debian
Re: Wim Bertels
> in the context of
> https://manpages.debian.org/trixie/unattended-upgrades/unattended-upgrades.8.en.html
>
> could it possible to automatically update only the security updates
> within the pgdg repository?
I wouldn't know how to tag the packages in a way that apt would
understand. For security.debian.org, that's based on the whole repo
being "security", but for apt.pg.o, we don't have that.
Christoph
^ permalink raw reply [nested|flat] 5+ messages in thread
* Re: separate security tag?
2025-12-10 12:23 separate security tag? Wim Bertels <[email protected]>
2025-12-10 13:48 ` Re: separate security tag? Christoph Berg <[email protected]>
@ 2025-12-11 08:33 ` Wim Bertels <[email protected]>
2025-12-11 11:48 ` Re: separate security tag? Christoph Berg <[email protected]>
0 siblings, 1 reply; 5+ messages in thread
From: Wim Bertels @ 2025-12-11 08:33 UTC (permalink / raw)
To: ; +Cc: pgsql-pkg-debian
Christoph Berg schreef op wo 10-12-2025 om 14:48 [+0100]:
> Re: Wim Bertels
> > in the context of
> > https://manpages.debian.org/trixie/unattended-upgrades/unattended-upgrades.8.en.html
> >
> > could it possible to automatically update only the security updates
> > within the pgdg repository?
>
> I wouldn't know how to tag the packages in a way that apt would
> understand. For security.debian.org, that's based on the whole repo
> being "security", but for apt.pg.o, we don't have that.
>
tnx Christoph,
i was assuming that it would be possible somehow,
so the question then becomes:
could it be possible to have a
security.postgresql.org
and
apt.postgresql.org
?
Wim
^ permalink raw reply [nested|flat] 5+ messages in thread
* Re: separate security tag?
2025-12-10 12:23 separate security tag? Wim Bertels <[email protected]>
2025-12-10 13:48 ` Re: separate security tag? Christoph Berg <[email protected]>
2025-12-11 08:33 ` Re: separate security tag? Wim Bertels <[email protected]>
@ 2025-12-11 11:48 ` Christoph Berg <[email protected]>
2025-12-11 14:35 ` Re: separate security tag? Wim Bertels <[email protected]>
0 siblings, 1 reply; 5+ messages in thread
From: Christoph Berg @ 2025-12-11 11:48 UTC (permalink / raw)
To: Wim Bertels <[email protected]>; +Cc: pgsql-pkg-debian
Re: Wim Bertels
> so the question then becomes:
> could it be possible to have a
> security.postgresql.org
> and
> apt.postgresql.org
We could have separate suites foo-pgdg-security instead.
But I think that doesn't really solve the problem because it has too
many sub-dimensions. Say you switched to the apt.pg.o version of
pgbouncer because you wanted a newer feature. Would you later want
only security updates for it? If someone else switches to it later for
another feature, would we have to maintain pgbouncer-feature1-security
and pgbouncer-feature2-security? For the server packages, the
discussion is similar.
This would be a huge extra effort, and the problem space is already
complicated enough. If you want stable stable, use what is in Debian.
If you want newer versions, go with apt.pg.o.
I already try to mention CVEs in the package changelogs, though
sometimes I miss them. I could try to make sure that happens more
often.
Christoph
^ permalink raw reply [nested|flat] 5+ messages in thread
* Re: separate security tag?
2025-12-10 12:23 separate security tag? Wim Bertels <[email protected]>
2025-12-10 13:48 ` Re: separate security tag? Christoph Berg <[email protected]>
2025-12-11 08:33 ` Re: separate security tag? Wim Bertels <[email protected]>
2025-12-11 11:48 ` Re: separate security tag? Christoph Berg <[email protected]>
@ 2025-12-11 14:35 ` Wim Bertels <[email protected]>
0 siblings, 0 replies; 5+ messages in thread
From: Wim Bertels @ 2025-12-11 14:35 UTC (permalink / raw)
To: [email protected] <[email protected]>; +Cc: pgsql-pkg-debian
Christoph Berg schreef op do 11-12-2025 om 12:48 [+0100]:
>
> This would be a huge extra effort, and the problem space is already
> complicated enough.
i can imagine
thank you for the work done and being done
^ permalink raw reply [nested|flat] 5+ messages in thread
end of thread, other threads:[~2025-12-11 14:35 UTC | newest]
Thread overview: 5+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2025-12-10 12:23 separate security tag? Wim Bertels <[email protected]>
2025-12-10 13:48 ` Christoph Berg <[email protected]>
2025-12-11 08:33 ` Wim Bertels <[email protected]>
2025-12-11 11:48 ` Christoph Berg <[email protected]>
2025-12-11 14:35 ` Wim Bertels <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox